I think winbind is required for file service isn't it?

On Wed, Jun 10, 2015 at 1:28 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 10/06/15 21:15, David Bear wrote:
>
>> Thanks Rowland -- will attempt to pull the startup script from the deb
>> package.
>>
>> Just to clarify, When starting samba as an AD DC, we use the
>> samba-ad-dc script, when starting samba as a file server only, we need
>> a script that only starts smbd, nmbd, and winbind?
>
> Basically yes, but on Debian the script called samba will start the AD DC
> by running the samba-ad-dc script, or it will run the two scripts called
> smbd and nmbd to start a member server. I would suggest that you just use
> the smbd & nmbd scripts, you will also need the winbind script from the
> winbind package if you intend to use winbind.
>
> Rowland
>
>> On Wed, Jun 10, 2015 at 12:59 AM, Rowland Penny
>> <rowlandpenny at googlemail.com> wrote:
>>
>>> On 10/06/15 03:26, David Bear wrote:
>>>
>>>> I have setup samba 4.2.x as an AD DC in a linux container. This is an
>>>> privileged container. I am using the bridging interface and have bound
>>>> samba to the specific interface I want.
>>>>
>>>> As an ADDC it is working great.
>>>>
>>>> Now I go to the linux host, and created a samba 4.2 file server. I was
>>>> able to join it to the domain. I followed the member server
>>>> instructions at
>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server .
>>>>
>>>> There were a couple of things that were confusing. Since I am
>>>> installing an ubuntu 14 LTS server I followed the debian side of the
>>>> instructions.
>>>>
>>>> Instructions for starting the daemons are given at
>>>> https://wiki.samba.org/index.php/Samba4/InitScript. Towards the end of
>>>> the wiki we were given instructions for both an init.d script and an
>>>> upstart configuration file. I have grabbed the init.d/ script, made the
>>>> modifications to point things to /usr/local/samba installation -- and
>>>> when I run it, nothing happens.. So I start samba using sbin/samba and
>>>> the daemons start.
>>>>
>>>> However at the tail end of my log file I see
>>>>
>>>> [2015/06/09 19:22:16.752250, 0] ../source4/smbd/server.c:475(binary_smbd_main)
>>>>   At this time the 'samba' binary should only be used for either:
>>>>   'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
>>>>   You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
>>>> [2015/06/09 19:22:16.752314, 0] ../lib/util/become_daemon.c:111(exit_daemon)
>>>>   STATUS=daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22
>>>>
>>>> since I followed the member server how to -- I am wondering if
>>>> something there is left out?
>>>>
>>>> Here's my smb.conf
>>>>
>>>> /usr/local/samba# less etc/smb.conf
>>>> [global]
>>>>
>>>> netbios name = srv1
>>>> workgroup = INTERNAL
>>>> security = ADS
>>>> realm = INTNERAL.XCITY.COM
>>>> dedicated keytab file = /etc/krb5.keytab
>>>> kerberos method = secrets and keytab
>>>>
>>>> idmap config *:backend = tdb
>>>> idmap config *:range = 2000-9999
>>>> idmap config IN:backend = ad
>>>> idmap config IN:schema_mode = rfc2307
>>>> idmap config IN:range = 10000-99999
>>>>
>>>> winbind nss info = rfc2307
>>>> winbind trusted domains only = no
>>>> winbind use default domain = yes
>>>> winbind enum users = yes
>>>> winbind enum groups = yes
>>>> winbind refresh tickets = yes
>>>>
>>>> bind interfaces only = yes
>>>> interfaces = em1
>>>> log level = 5
>>>> log file = /usr/local/samba/var/log.%m
>>>>
>>>> ----
>>>> which matches the how to.
>>>>
>>>> So there seems to be something missing from the how to.
>>>>
>>>> Any suggestions?
>>>> Also the %m macro expansion fails for the log file. It actually calls
>>>> the log file %m...
>>>
>>> Nope, there is nothing missing from the member server howto, it tells
>>> you what samba processes to start, (smbd, nmbd and winbind). You should
>>> only start the samba process on an AD DC.
>>>
>>> The problem seems to be that the wiki init script page only seems to
>>> have a script to start smbd & nmbd (it's at the bottom of the page) and
>>> there isn't one for winbind.
>>>
>>> The easiest way to get the required init scripts is to download the
>>> samba package with 'apt-get download samba', unpack it (the easiest way
>>> is to browse to the deb and right click it and select 'Extract here').
>>> Now browse into the directory that will be created
>>> ~/samba_2%3a4.1.6+dfsg-1ubuntu2.14.04.7_amd64/etc/init.d
>>> You should find 4 files, you want 3 of them, the one you don't want is
>>> 'samba-ad-dc'
>>> Open each of the required files in your favourite editor and change the
>>> paths to point to your samba binaries, save the file and then move it to
>>> /etc/init.d/
>>>
>>> Rowland
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> --
>> David Bear
>> mobile: (602) 903-6476

--
David Bear
mobile: (602) 903-6476

On 10/06/15 22:08, David Bear wrote:
> I think winbind is required for file service isn't it?

Yes, but you could use nslcd or sssd.

Rowland

I am aware of sssd -- but I assumed I had to use the sssd package which was a complete compile. I wasn't sure all the additions sssd made so I thought I would understand things better if I compiled from scratch.

I don't know what nslcd is --

My goal is to provide ONLY file servers for samba ADDC authenticated users. I assumed winbind was the shortest route to that.

On Thu, Jun 11, 2015 at 1:29 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 10/06/15 22:08, David Bear wrote:
>
>> I think winbind is required for file service isn't it?
>
> Yes, but you could use nslcd or sssd.
>
> Rowland

--
David Bear
mobile: (602) 903-6476

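The log message quoted in this thread says the 'samba' binary is only for 'server role = active directory domain controller', and that domain members and standalone file servers start smbd/nmbd/winbindd instead. The shell functions below are an added example, not part of the original thread and not the Samba project's init scripts: they read the [global] section of an smb.conf and report which daemons an init script should start, refusing the combination that produced error code 22 above. The function names and the two sample configs are constructed for illustration, and resolving an unset 'server role' through 'security' is an assumption of this example.

```shell
#!/bin/sh
# Added example: pick the Samba daemons to start from smb.conf's [global] section.

# global_param <smb.conf> <name>: print a [global] value, lower-cased.
# <name> is given lower-case without spaces, because smb.conf ignores case
# and whitespace in parameter names. Lines starting with '#' or ';' are comments.
global_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sect = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
            next
        }
        sect == "global" {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            if (name != want) next
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            found = val
        }
        END { print found }
    ' "$1"
}

# effective_role <smb.conf>: print dc, member, standalone or unknown.
effective_role() {
    role=$(global_param "$1" serverrole)
    case "${role:-auto}" in
        "active directory domain controller"|"domain controller"|dc) echo dc ;;
        "member server"|member) echo member ;;
        "standalone server"|standalone) echo standalone ;;
        auto)  # assumption of this example: an unset role follows 'security'
            case "$(global_param "$1" security)" in
                ads|domain) echo member ;;
                *) echo standalone ;;
            esac ;;
        *) echo unknown ;;  # e.g. classic PDC/BDC roles, not covered here
    esac
}

# daemons_for_conf <smb.conf>: print the binaries to start, per the log message.
daemons_for_conf() {
    case "$(effective_role "$1")" in
        dc) echo "samba" ;;
        member|standalone) echo "smbd nmbd winbindd" ;;
        *) return 1 ;;
    esac
}

# may_start <binary> <smb.conf>: succeed only if <binary> fits the configured role.
may_start() {
    for d in $(daemons_for_conf "$2"); do
        [ "$d" = "$1" ] && return 0
    done
    return 1
}

# Constructed sample configs; member.conf reuses settings from the posted smb.conf.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[global]' '    netbios name = srv1' '    workgroup = INTERNAL' \
    '    security = ADS' > "$tmp/member.conf"
printf '%s\n' '[global]' \
    '    Server Role = active directory domain controller' > "$tmp/dc.conf"

for conf in "$tmp/member.conf" "$tmp/dc.conf"; do
    echo "$(basename "$conf"): start $(daemons_for_conf "$conf")"
done
may_start samba "$tmp/member.conf" || echo "member.conf: refusing to start 'samba'"
```
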
Hi David,

If you are only using windows users.. and no linux user will access the windows shares then it's very simple, on the file server, set any idmap ( rid or AD ) it does not care.
Most easy is rid, most flexible for expanding, set AD.

winbind is easy to set up.

And on any share you make for windows, set:

acl_xattr:ignore system acls = yes

read: https://www.samba.org/samba/docs/man/manpages/vfs_acl_xattr.8.html

Greetz,

Louis

>-----Original message-----
>From: dwbear75 at gmail.com [mailto:samba-bounces at lists.samba.org] On behalf of David Bear
>Sent: Monday 15 June 2015 6:10
>To: Rowland Penny
>CC: samba
>Subject: Re: [Samba] samba member file server failer
>
>I am aware of sssd -- but I assumed I had to use the sssd package which was
>a complete compile. I wasn't sure all the additions sssd made so I thought
>I would understand things better if I compiled from scratch.
>
>I don't know what nslcd is --
>
>My goal is to provide ONLY file servers for samba ADDC authenticated users.
>I assumed winbind was the shortest route to that.